b'                            SOCIAL SECURITY\n                                   November 7, 2007\n\n\nThe Honorable Michael J. Astrue\nCommissioner\n\nDear Mr. Astrue:\n\nThe Reports Consolidation Act of 2000 (Pub. L. No. 106-531) requires Inspectors\nGeneral to provide a summary and assessment of the most serious management and\nperformance challenges facing Federal agencies and the agencies\xe2\x80\x99 progress in\naddressing them. This review is enclosed. As required by the Reports Consolidation\nAct, this Statement will be placed in the Social Security Administration\xe2\x80\x99s Fiscal Year\n2007 Performance and Accountability Report.\n\nIn November 2006, we identified six significant management issues facing the Social\nSecurity Administration for Fiscal Year (FY) 2007.\n\n   \xe2\x80\xa2 Social Security Number                        \xe2\x80\xa2 Internal Control Environment\n     Protection                                      and Performance Measures\n   \xe2\x80\xa2 Management of the Disability                  \xe2\x80\xa2 Systems Security and Critical\n     Process                                         Infrastructure Protection\n   \xe2\x80\xa2 Improper Payments and                         \xe2\x80\xa2 Service Delivery and Electronic\n     Recovery of Overpayments                        Government\n\nI congratulate you on the progress you have made during FY 2007 in addressing these\nchallenges. My office will continue to focus on these issues in FY 2008. I look forward\nto working with you to continue improving the Agency\xe2\x80\x99s ability to address these\nchallenges and meet its mission efficiently and effectively. I am providing you with the\nOffice of the Inspector General\xe2\x80\x99s assessment of these six management challenges.\n\n                                                Sincerely,\n\n\n\n\n                                                Patrick P. O\xe2\x80\x99Carroll, Jr.\n                                                Inspector General\n\n\n\n\n              SOCIAL SECURITY ADMINISTRATION      BALTIMORE MD 21235-0001\n\x0c Inspector General Statement\n             on the\nSocial Security Administration\xe2\x80\x99s\nMajor Management Challenges\n\n\n\n\n         November 2007\n           A-02-08-18061\n\x0c                                    Mission\nBy conducting independent and objective audits, evaluations and investigations,\nwe inspire public confidence in the integrity and security of SSA\xe2\x80\x99s programs and\noperations and protect them against fraud, waste and abuse. We provide timely,\nuseful and reliable information and advice to Administration officials, Congress\nand the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xef\x81\xad Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xef\x81\xad Promote economy, effectiveness, and efficiency within the agency.\n  \xef\x81\xad Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xef\x81\xad Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xef\x81\xad Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xef\x81\xad Independence to determine what reviews to perform.\n  \xef\x81\xad Access to all information necessary for the reviews.\n  \xef\x81\xad Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nWe strive for continual improvement in SSA\xe2\x80\x99s programs, operations and\nmanagement by proactively seeking new ways to prevent and deter fraud, waste\nand abuse. We commit to integrity and excellence by supporting an environment\nthat provides a valuable public service while encouraging employee development\nand retention and fostering diversity and innovation.\n\x0c                   Social Security Number Protection\nIn Fiscal Year (FY) 2007, the Social Security Administration (SSA) issued approximately\n5.7 million original and 11.6 million replacement Social Security number (SSN) cards\nand received approximately $620 billion in employment taxes related to earnings under\nassigned SSNs. Protecting the SSN and properly posting the wages reported under\nSSNs are critical to ensuring eligible individuals receive the full benefits due them.\n\nSSA has taken significant steps over the past several years to improve controls in its\nenumeration process. The Agency has made progress in providing greater SSN\nprotection; nevertheless, incidents of SSN misuse continue to rise. To further\nstrengthen SSN integrity, we believe SSA should (1) seek legislation to reduce the\nallowable circumstances in which entities may require the collection and use of SSNs as\nunique identifiers or recordkeeping tools and improve the protection of this information\nwhen obtained, (2) continue to address identified weaknesses in its information security\nenvironment to safeguard SSNs in a better way, and (3) continue to coordinate with\npartner agencies to pursue any data sharing agreements that would increase data\nintegrity.\n\nIn May 2007, the Office of Management and Budget (OMB) issued Memorandum\nM-07-16 to Federal agencies regarding safeguarding against and responding to\nbreaches of personally identifiable information (PII), including the establishment and\nimplementation of plans to eliminate unnecessary collection and use of SSNs. We\nbelieve this is an important step in protecting SSNs in the Federal sector and can serve\nas a model for State and local governments, as well as private entities. We are\nencouraged that SSA is taking steps to implement this OMB guidance. For further\ninformation on the SSA\xe2\x80\x99s actions to protect PII, see our discussion in the Systems\nSecurity and Critical Infrastructure Protection section of this report.\n\nMaintaining the integrity of the SSN and Social Security programs also involves properly\nposting earnings reported under SSNs. Accurate earnings records are used to\ndetermine both the eligibility for Social Security benefits and the amount of those\nbenefits. The Earnings Suspense File (ESF) is the Agency\xe2\x80\x99s record of annual wage\nreports for wage earners whose names and SSNs fail to match SSA\xe2\x80\x99s records. As of\nOctober 2006, the ESF had accumulated approximately 264 million wage items for\nTax Years 1937 through 2004, representing about $586 billion in wages.\n\nWhile SSA cannot control all of the factors associated with erroneous wage reports,\nSSA can continue to improve wage reporting by educating employers on reporting\ncriteria, identifying and resolving employer reporting problems, and encouraging greater\nuse of both SSA\xe2\x80\x99s and the Department of Homeland Security\xe2\x80\x99s (DHS) employee\nverification programs. SSA can also improve coordination with other Federal agencies\nwith separate, yet related, mandates. For example, the Agency needs to work with the\nInternal Revenue Service to achieve more accurate wage reporting. SSA also needs to\nwork with DHS to improve controls over employee verification programs. Finally, SSA\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                          1\n\x0cwill need to coordinate closely with DHS on its recently proposed rule (Safe-Harbor\nProcedures for Employers Who Receive a No-Match Letter) requiring employers to take\ntimely action on SSA no-match letters to avoid liability under immigration laws. The use\nof SSA\xe2\x80\x99s employer no-match letter process to assist DHS with its worksite enforcement\nmission has led to public concerns from labor advocacy groups and unions regarding\nindividuals being denied employment inappropriately. In October 2007, a preliminary\ninjunction was issued preventing the mailing of the letters based on a lawsuit filed by\nlabor advocacy organizations.\n\nAnother area of concern related to SSN integrity is the use of nonwork SSNs by\nnoncitizens for unauthorized employment in the United States. SSA assigns nonwork\nSSNs to noncitizens when (1) a Federal statute or regulation requires that noncitizens\nprovide an SSN to receive a federally funded benefit to which they have established an\nentitlement or (2) a State or local law requires that noncitizens who are legally in the\nUnited States provide an SSN to receive public assistance benefits to which they are\nentitled and for which all other requirements have been met. SSA assigns these\nindividuals SSN cards with a \xe2\x80\x9cNot Valid for Employment\xe2\x80\x9d annotation. SSA also provides\ninformation about earnings reported under a nonwork SSN to DHS as required by law.\nNonetheless, prior audits have noted several issues related to nonwork SSNs, including\nthe (1) type of evidence provided to obtain a nonwork SSN, (2) reliability of nonwork\nSSN information in SSA\xe2\x80\x99s records, (3) volume of wages reported under nonwork SSNs,\nand (4) restrictions on payment of benefits to noncitizens who qualified for their benefits\nwhile working in the United States but lack proper authorization. SSA\xe2\x80\x99s future\naccomplishments with nonwork SSNs will require increased coordination with DHS to\nensure SSA has correct work status information.\n\nSSA Has Taken Steps to Address this Challenge\nOver the past 5 years, SSA has implemented numerous improvements to its\nenumeration process. For example, SSA implemented new systems software, which\nfield offices are required to use, called the SS-5 Assistant. This program has simplified\nthe interpretation of, and compliance with, SSA\xe2\x80\x99s complex enumeration policies and,\nunlike the traditional process, will not process an SSN request unless SSA staff enters\nall of the applicant\xe2\x80\x99s required information. SSA has also established five Social Security\nCard Centers that focus exclusively on assigning SSNs and issuing SSN cards\xe2\x80\x94and it\nhas plans to open more as resources permit.\n\nIn addition, SSA has implemented several enhancements designed to protect the SSN\nunder the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA)\n(Pub. L. No. 108-458). The enhancements include (1) restricting the issuance of\nmultiple replacement SSN cards to 3 per year and 10 in a lifetime; (2) requiring\nindependent verification of any birth record submitted by a U.S. born individual to\nestablish eligibility for an SSN, other than for purposes of enumeration at birth;\n(3) consulting with DHS and other agencies to further improve the security of SSNs and\nSSN cards; and (4) strengthening the standards and requirements for citizenship and\nidentity documents presented with SSN applications to ensure the correct individual\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                         2\n\x0cobtains the correct SSN. Additionally, SSA has significantly decreased the number of\nnonwork SSNs it assigns to noncitizens as a result of a change in regulations and field\noffice compliance with procedures to ensure that nonwork SSNs are issued only to\nqualified individuals.\n\nSSA has also taken steps to reduce the size and growth of the ESF. In June 2005, the\nAgency expanded its voluntary Social Security Number Verification Service (SSNVS) to\nall interested employers nationwide. SSNVS allows employers to verify the names and\nSSNs of employees before reporting their wages to SSA. During Calendar Year 2006,\nSSNVS processed over 49 million verifications for over 13,400 registered employers.\n\nSSA also supports DHS in administering \xe2\x80\x9cE-Verify\xe2\x80\x9d formerly known as the Basic Pilot\nProgram, which verifies the names and SSNs of employees as well as their\nauthorization to work in the United States. The \xe2\x80\x9cE-Verify\xe2\x80\x9d program is available to\nemployers nationwide and was recently enhanced to include a Photo Screening Tool\nfeature, which allows an employer to check the photos of a new hire\'s Employment\nAuthorization Document or Permanent Resident Card (\xe2\x80\x9cGreen Card\xe2\x80\x9d) against images\nstored in DHS immigration databases. During FY 2006, \xe2\x80\x9cE-Verify\xe2\x80\x9d processed about\n1.7 million verifications for approximately 12,000 employers.\n\nThe Agency continues to modify the information it shares with employers. Under\nIRTPA, SSA is required to add both death and fraud indicators to the SSN verification\nsystems for employers, State agencies issuing drivers\xe2\x80\x99 licenses and identity cards, and\nother verification routines, as determined appropriate by the Commissioner of Social\nSecurity. SSA added death indicators to those verification routines used by employers\nand State agencies on March 6, 2006 and added fraud indicators in August 2007.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                         3\n\x0c                 Management of the Disability Process\nSSA needs to continue to improve critical parts of the disability process, such as making\ntimely disability decisions and safeguarding the integrity of its disability programs.\nSSA\xe2\x80\x99s disability program has remained on the Government Accountability Office\xe2\x80\x99s\n(GAO) high-risk list since 2003 due, in part, to outmoded concepts of disability, lengthy\nprocessing times, and inconsistencies in disability decisions across adjudicative levels\nand locations.\n\nAt the forefront of congressional and Agency concern is the timeliness of SSA\xe2\x80\x99s\ndisability decisions at the hearings adjudicative level. The average processing time for\nthe Office of Disability Adjudication and Review (ODAR), responsible for SSA\xe2\x80\x99s hearings\nand appeals programs, continues to increase each FY\xe2\x80\x94from 293 days in FY 2001 to\n512 days in FY 2007. In our December 2006 report on Disability Insurance (DI)\npayments made during the appeals process, we found that financial performance and\ncitizen satisfaction of the DI program could be greatly increased if SSA would establish\na business process to allow more timely decisions on medical cessation appeals. In our\nMarch 2007 audit on ODAR\xe2\x80\x99s workload status reports, we reported that we found no\nclear link between the Agency\xe2\x80\x99s internal hearings workload benchmarks and the overall\nperformance goal for the average processing time of a hearing.\n\nODAR\xe2\x80\x99s pending workload also continues to increase steadily. At the end FY 2007, the\npending workload was 746,744 cases\xe2\x80\x94up from 392,387 cases in FY 2001. We\nrecently presented SSA with the results of our review on Administrative Law Judges\xe2\x80\x99\n(ALJ) Caseload Performance. The review recommended SSA establish a performance\naccountability process to address ALJ performance when it falls below an acceptable\nlevel. The recommendation, when implemented by SSA, will assist the Agency in\nreducing pending workloads.\n\nSSA Has Taken Steps to Address this Challenge\nIn August 2006, SSA implemented a Quick Disability Determination (QDD) process\nwhich uses a computer model to identify cases when the individuals are obviously\ndisabled and are likely to be allowed. The QDD process was successful with Disability\nDetermination Services (DDS) issuing decisions on 95 percent of cases within the\nrequired timeframe. Based on the results of the QDD process in the Boston region, the\nCommissioner of Social Security required DDSs nationwide to implement the QDD\nprocess by March 2008.\n\nIn response to our March 2007 audit on ODAR\xe2\x80\x99s workload status reports, the Agency\nhas developed \xe2\x80\x9cguidelines\xe2\x80\x9d related to the steps in the hearings process to track the\nAgency\xe2\x80\x99s performance goal for average processing time. ODAR has also taken other\nsteps, such as encouraging hearing offices to view case processing using a weekly\nrather than monthly timeframe, to improve office productivity.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                       4\n\x0cTo address its pending workload, ODAR accelerated and expanded efforts to address\ncases that have been waiting 1,000 days or more for a hearing\xe2\x80\x94with the goal of having\nthese cases to a negligible level by the end of FY 2007. Specifically, at the beginning of\nFY 2007, there were about 63,000 cases pending which were or would become over\n1,000 days old by the end of the FY. As of end of FY 2007, this pending workload was\nreduced to 108 cases.\n\nThe Commissioner also recently announced additional initiatives in an effort to reduce\nthe hearings backlog by FY 2012. Many of these initiatives are either ongoing or\nexpected to begin within the next few months. The Commissioner\xe2\x80\x99s initiatives include:\n\n   \xe2\x80\xa2   Compassionate allowances where SSA plans to build on the success of the\n       QDD process by implementing additional initiatives to quickly identify and allow\n       applicants who are obviously disabled.\n\n   \xe2\x80\xa2   Increased adjudicatory capacity which includes filling hearing dockets of\n       current ALJs to capacity by increasing staff overtime, improving ALJ productivity,\n       hiring at least 150 ALJs and the necessary accompanying support staff,\n       streamlining folder assembly, and using personnel from other SSA components\n       to assist the most affected hearing offices.\n\n   \xe2\x80\xa2   Using automation and improved business processes such as video\n       equipment in all hearings offices, electronic file assembly, electronic scheduling,\n       and decision-writing templates to improve case processing at the hearings level.\n\n   \xe2\x80\xa2   Opening a National Hearing Center where ALJs in a centralized, fully electronic\n       facility will handle electronic files and conduct only video hearings.\n\nWe continue to work with the Agency to safeguard the integrity of its disability programs\nwith the Cooperative Disability Investigations (CDI) program. Under the CDI program,\nour Office of Investigations and SSA staff obtain evidence to resolve questions of fraud\nin disability claims. Since the program\xe2\x80\x99s inception in FY 1998, the 19 CDI units,\noperating in 17 States, have been responsible for over $879 million in projected savings\nto SSA\xe2\x80\x99s disability programs and over $539 million in projected savings to non-SSA\nprograms.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                            5\n\x0c      Improper Payments and Recovery of Overpayments\nImproper payments are defined as any payment that should not have been made or\nwas made in an incorrect amount under statutory, contractual, administrative, or other\nlegally applicable requirements. Examples of improper payments include payments\nmade to ineligible recipients, duplicate payments, and payments that are for the\nincorrect amount. Furthermore, the risk of improper payments increases in programs\nwith a significant volume of transactions, complex criteria for computing payments, and\nan overemphasis on expediting payments.\n\nSSA and the Office of the Inspector General (OIG) have discussed such issues as\ndetected versus undetected improper payments and avoidable versus unavoidable\noverpayments that are outside the Agency\'s control and a cost of doing business. OMB\nissued specific guidance to SSA to include only avoidable overpayments in its improper\npayment estimate because those payments can be reduced through changes in\nadministrative actions. Unavoidable overpayments that result from legal or policy\nrequirements are not to be included in SSA\xe2\x80\x99s improper payment estimate.\n\nThe President and Congress continue to express interest in measuring the universe of\nimproper payments in the Government. In August 2001, OMB published the President\xe2\x80\x99s\nManagement Agenda (PMA), which included a governmentwide initiative for improving\nfinancial performance, including reducing improper payments. The Improper Payments\nInformation Act of 2002 (IPIA) (Pub. L. No. 107-300) was enacted in November 2002,\nand OMB issued guidance in May 2003 (OMB Memorandum M-03-13) on implementing\nthis law. In August 2006, OMB updated and revised this guidance (OMB Memorandum\nM-06-23). Significant updates to the guidance include new language to clarify the\ndefinition of an improper payment and clarification of OMB\xe2\x80\x99s authority to require\nagencies to track programs under the IPIA with low error rates (i.e., less than\n2.5 percent), but significant improper payment amounts.\n\nSSA issues billions of dollars in benefit payments under the Old-Age, Survivors and\nDisability Insurance (OASDI) and Supplemental Security Income (SSI) programs\xe2\x80\x94and\nsome improper payments are unavoidable. In FY 2007, SSA issued over $612 billion in\nbenefit payments to over 54 million people. Since SSA is responsible for issuing timely\nbenefit payments for complex entitlement programs to millions of people, even the\nslightest error in the overall process can result in millions of dollars in over- or\nunderpayments.\n\nIn January 2007, OMB issued a report, Improving the Accuracy and Integrity of Federal\nPayments, noting that eight Federal programs\xe2\x80\x94including SSA\xe2\x80\x99s OASDI and SSI\nprograms\xe2\x80\x94accounted for more than 89 percent of the improper payments in FY 2006.\nHowever, this report also noted that the OASDI error rate dropped by 1/10th of\n1 percent, which resulted in a $401 million reduction in improper payments.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                         6\n\x0cIn August 2007, we issued a report, Improper Payments Resulting from the Annual\nEarnings Test, that showed that SSA did not adjust the benefit payments for all\nbeneficiaries who were subject to the Annual Earnings Test. We estimated SSA\noverpaid about $313 million to 89,300 beneficiaries and underpaid about $35 million to\n12,800 beneficiaries. These payment errors primarily occurred because SSA did not\nprocess all records identified by its Earnings Enforcement Operation (EEO).\nFurthermore, unless SSA takes corrective action to process all future EEO selections,\nwe estimated it would pay at least $104 million in overpayments and $11 million in\nunderpayments annually.\n\nSSA Has Taken Steps to Address this Challenge\nSSA has been working to improve its ability to prevent over- and underpayments by\nobtaining beneficiary information from independent sources sooner and using\ntechnology more effectively. For example, the Agency is continuing its efforts to prevent\npayments after a beneficiary dies by using Electronic Death Registration information.\nAlso, the Agency\'s Continuing Disability Review process is in place to identify and\nprevent beneficiaries who are no longer disabled from receiving payments.\n\nSSA is also taking steps to recover overpayments. For example, the Agency generally\nagreed to the recommendations to improve its efforts for cross-program recovery of\noverpayments that were in our June 2007 report, Cross-Program Recovery of Benefit\nOverpayments. For the records we reviewed, we estimated SSA could collect a\nmaximum of about $3.6 million over a 21-month period from SSI payments to recover\nOASDI overpayments. The amounts recovered could also earn about $149,000 in\ninterest for the OASDI trust funds over the 21-month period. In addition, we estimated\nthat over the 21-month period, SSA could recover a maximum of about $13.4 million in\nSSI overpayments. In September 2007, SSA implemented Cross Program Recovery III,\nwhich collects OASDI overpayments from SSI underpayments. SSA reported that the\nnew program provided for the collection of over $4 million in its first month of\nimplementation.\n\nWe will continue to work with SSA to identify and address improper payments in its\nprograms. For example, in our review, Title II Disability Insurance Benefits with a\nWorkers\xe2\x80\x99 Compensation Offset (issued in November 2006), we found that the\npercentage of payments in error identified in this report declined significantly when\ncompared to the percentage we reported in our prior workers\xe2\x80\x99 compensation offset\naudits. However, although there has been an improvement in reducing improper\npayments due to workers\xe2\x80\x99 compensation, we still identified about 25,377 disability\ninsurance claims totaling approximately $149 million that had payment errors. SSA\nagreed to implement the five recommendations we made regarding this workload.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                        7\n\x0c Internal Control Environment and Performance Measures\nSound management of public programs includes both effective internal controls and\nperformance measurement. Internal control comprises the plans, methods, and\nprocedures used to meet missions, goals, and objectives. OMB\xe2\x80\x99s Circular No. A-123,\nManagement\xe2\x80\x99s Responsibility for Management Control, requires the Agency and its\nmanagers to take systematic and proactive measures to develop and implement\nappropriate, cost-effective internal control for results-oriented management.\nAccordingly, SSA management is responsible for determining through performance\nmeasurement and systematic analysis if the programs it manages achieve intended\nobjectives.\n\nEstablishing appropriate controls over the development of disability claims under the DI\nand SSI programs is one of the main work processes for which SSA is responsible.\nDisability determinations under DI and SSI are required to be performed by DDSs in\neach State in accordance with Federal regulations. Each DDS is responsible for\ndetermining claimants\xe2\x80\x99 disabilities and ensuring adequate evidence is available to\nsupport its determinations. SSA reimburses the DDS for 100 percent of allowable\nexpenditures up to its approved funding authorization. In FY 2007, SSA allocated over\n$1.7 billion to fund DDS operations.\n\nFrom FY 2000 through FY 2007, we conducted 61 DDS administrative cost audits. In\n32 of the 61 audits, we identified internal control weaknesses and over $110 million that\nSSA reimbursed to the States that were not properly supported or could have been put\nto better use. Fourteen of the 61 audits conducted were completed in FY 2007. Six of\nthese reports noted similar control weaknesses identified in DDS audits in previous\nyears and over $28 million of questioned costs and/or funds that could be put to better\nuse. We believe the large dollar amounts claimed by State DDSs and the control issues\nwe have identified, warrant this issue remaining a major management challenge.\n\nAnother area that requires sound management and effective internal control is the\nselection and oversight of contractors assisting the Agency in meeting its mission. In\nFY 2007, SSA spent over $715 million on contracts. We reviewed 11 of SSA\xe2\x80\x99s\ncontracts in FY 2007. We generally found that the costs claimed for services provided\nby the contractors involved were reasonable and allowable. While we noted no major\nconcerns in the reviews conducted, we believe ensuring proper oversight and controls\nover its contracts is inherently a major management challenge for SSA due to the total\ndollar amounts awarded and risks involved with contractors adequately delivering\nservices and meeting contract objectives.\n\nThe Government Performance and Results Act of 1993 (Pub. L. No. 103-62) and the\nPMA call for the identification of outcome measures that accurately monitor programs\xe2\x80\x99\nperformance. Also, SSA managers need sound information to monitor and evaluate\nperformance. In FY 2007, we issued 7 audits that addressed 14 of SSA\xe2\x80\x99s performance\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                        8\n\x0c    measures. Four of the seven audits were based on work that began in FY 2006, with\n    audit work continuing into FY 2007. The nine performance measures addressed in\n    these four reports are listed below.\n\n\xe2\x80\xa2     Increase the Usage of Electronic           \xe2\x80\xa2   Increase the Percent of Employee\n      Entitlement and Supporting Actions             Reports (W-2 forms) Filed Electronically\n\xe2\x80\xa2     Agency Decisional Accuracy Rate            \xe2\x80\xa2   Number of SSA Hearings Processed\n\xe2\x80\xa2     Average Processing Time for Hearings       \xe2\x80\xa2   Average Processing Time for SSA\n      Appeals                                        Hearings\n\xe2\x80\xa2     Disability Determination Services          \xe2\x80\xa2   Average Processing Time for Initial\n      Cases Processed per Workyear                   Disability Claims\n\xe2\x80\xa2     Number of Initial Disability Claims\n      Processed by the Disability\n      Determination Services\n\n    We concluded the data used for five of the nine measures were reliable and that the\n    data used for four of them were unreliable.\n\n    Three of the seven audits released in FY 2007 were based on work that began and was\n    completed in FY 2007. The five performance measures addressed by these audits are\n    listed below.\n\n\xe2\x80\xa2     Percent of Individuals Who Do              \xe2\x80\xa2   Percent of Old-Age, Survivors, and\n      Business with SSA Rating the Overall           Disability Insurance Payments Free of\n      Service as \xe2\x80\x9cExcellent,\xe2\x80\x9d \xe2\x80\x9cVery Good,\xe2\x80\x9d or        Overpayment and Underpayment\n      \xe2\x80\x9cGood\xe2\x80\x9d\n\xe2\x80\xa2     Minimize Skill and Knowledge Gaps in       \xe2\x80\xa2   Continue to Achieve 2 Percent\n      Mission-Critical Positions                     Productivity Improvement on Average\n\xe2\x80\xa2     Align Employee Performance with\n      Agency Mission and Strategic Goals\n\n    We concluded that the data used for four of the five measures were reliable and that the\n    data used for one of them was unreliable.\n\n    Generally, when data was determined to be unreliable, it was due to weaknesses in\n    internal or access controls over the systems used to collect and process it. Due to the\n    control weaknesses, the data was not sufficiently secure to be certain of its integrity.\n    The challenge SSA faces in this area is ensuring that it has reliable management\n    information when making strategic and operational plans.\n\n    SSA Has Taken Steps to Address this Challenge\n    SSA has taken steps to develop internal controls over its operations and contractor\n    performance and in developing sound performance data. SSA has generally agreed\n    with our recommendations that address internal control weaknesses associated with\n    DDSs and has taken the recommended steps to ensure that reimbursements provided\n\n\n    IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                          9\n\x0cto DDSs are allowable and properly supported. Additionally, SSA is working to limit the\nnumber of employees that have access and the ability to change data in its performance\ndata collection systems to help ensure the integrity of its management information.\nAlso, the Agency has worked with us to determine what is the best way to audit its\nperformance data without significantly increasing its data storage costs. This effort\nincludes gaining real time access to SSA\xe2\x80\x99s performance data, which allows us to test\nthe data as it is being created.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                   10\n\x0c   Systems Security and Critical Infrastructure Protection\nProtecting the critical infrastructure of the United States is essential to the Nation\xe2\x80\x99s\nsecurity, public health and safety, economic vitality, and way of life. Attacks on critical\ninfrastructure could significantly disrupt the functioning of Government and business\nalike and produce cascading effects far beyond the targeted sectors and physical\nlocation of the incident. Therefore, any disruptions in the operation of information\nsystems that are critical to the Nation\xe2\x80\x99s infrastructure should be infrequent, manageable,\nof minimal duration and result in the least damage possible. The Government must\nmake continuous efforts to secure information systems for critical infrastructures.\n\nSSA\xe2\x80\x99s information security challenge is to understand and mitigate system\nvulnerabilities. Weaknesses in controls over access to its electronic information,\ntechnical security configuration standards, suitability, and continuity of systems\noperations have been identified. While many of these weaknesses have been resolved,\nSSA needs to monitor these issues diligently to ensure that they do not reoccur.\n\nOMB continues to stress the importance of protecting the public\xe2\x80\x99s privacy and PII as\nemphasized by new guidance such as OMB Memorandum M-07-16, Safeguarding\nAgainst and Responding to the Breach of Personally Identifiable Information. This new\nguidance mandates agencies increase efforts to reduce the use of PII collected and\nheld. OMB Memorandum M-07-16 complements existing PII guidance including OMB\nMemorandum M-06-15, Safeguarding Personally Identifiable Information, and OMB\nMemorandum M-06-19, Reporting Incidents Involving Personally Identifiable Information\nand Incorporating the Cost for Security in Agency Information Technology Investments.\nOMB is also incorporating more privacy and PII protection questions in its annual\nFederal Information Security Management Act (FISMA) (Pub. L. No. 107-347, Title III)\nguidance (OMB Memorandum M-07-19).\n\nSSA Has Taken Steps to Address this Challenge\nSSA has taken numerous steps to address OMB guidance on PII. In September 2006,\nthe Agency released, Policy and Procedures for All SSA Employees for Reporting the\nLoss or Suspected Loss of Personally Identifiable Information (Information Systems\nSecurity Handbook, Appendix V). This policy requires the reporting of incidents\ninvolving the loss or potential loss of PII within 1 hour of discovery. In March 2007, the\nAgency issued procedures on safeguarding PII while in transit or outside of secure SSA\nspace. In September 2007, SSA issued the, SSA Breach Notification Policy, The Social\nSecurity Administration\xe2\x80\x99s Implementation Plan To Eliminate Unnecessary Use Of Social\nSecurity Numbers, and The Social Security Administration\xe2\x80\x99s Plan and Progress Update\non Review and Reduction of Holdings of Personally Identifiable Information (PII). The\nAgency has also established workgroups, a PII Executive Steering Committee, which\nprovides oversight and recommendations on SSA policy, and the PII Breach Response\nGroup whose role is to engage in Agency planning in the event a breach occurs.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                       11\n\x0cSSA addresses significant information technology control issues in many other ways.\nFor example, the Agency developed and implemented configuration standards for all\nmajor operating system platforms and software components. SSA also began an\nextensive monitoring process to ensure that the Agency\xe2\x80\x99s over 100,000 servers and\nworkstations are in compliance with established system configuration standards.\nFurther, SSA maintained Certifications and Accreditations for all 20 major systems,\nwhich were substantially compliant with security standards. SSA has instituted access\ncontrol policies to ensure appropriate segregation of duties by limiting access to critical\ninformation on a \xe2\x80\x98need only\xe2\x80\x99 basis.\n\nOver the years, SSA has worked to establish sufficient access controls as evidenced by\nthe use of Top Secret software and the System Security Profile Project (SSPP). An\nemployee\xe2\x80\x99s profile is the primary element used to control access to SSA\xe2\x80\x99s databases.\nAs a result of the SSPP, in FY 2005, the access control issue was removed as a\nreportable condition from SSA auditor\xe2\x80\x99s financial statement report. SSA needs to\ncontinue its efforts to fully implement the policies that control access to sensitive\nrecords. Such efforts should include:\n\n   \xe2\x80\xa2   Updating and developing new configuration standards when appropriate;\n\n   \xe2\x80\xa2   Strengthening its access control processes to ensure that the user profiles are\n       adequately reviewed and tested;\n\n   \xe2\x80\xa2   Continuing to monitor the Agency\xe2\x80\x99s devices for compliance with established\n       configuration standards;\n\n   \xe2\x80\xa2   Continuing to work the SSPP and the regular monitoring of accesses made to\n       sensitive data; and\n\n   \xe2\x80\xa2   Controlling and monitoring DDS employees and contractors\xe2\x80\x99 access to sensitive\n       SSA information.\n\nSSA has implemented a variety of methods to protect its critical information\ninfrastructure and systems security. For example, SSA\xe2\x80\x99s Critical Infrastructure\nProtection workgroup continuously looks to find ways to ensure Agency compliance with\nvarious directives, such as Homeland Security Presidential Directives and FISMA. To\nprovide for the protection of the critical assets of the SSA National Computer Center,\nSSA has initiated the Information Technology Operations Assurance (ITOA) project.\nThe objective of the ITOA project is to build a second, fully functional, co-processing\ndata center. SSA also routinely releases security advisories to its employees and has\nhired outside contractors to provide expertise in this area.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                        12\n\x0c            Service Delivery and Electronic Government\nOne of SSA\xe2\x80\x99s goals is to deliver high-quality \xe2\x80\x9ccitizen-centered\xe2\x80\x9d service. This goal\nencompasses traditional and electronic services to applicants for benefits, beneficiaries\nand the general public. It includes services to and from States, other agencies, third\nparties, employers, and other organizations, including financial institutions and medical\nproviders. This area includes the challenges of the Representative Payee Process,\nMedicare Prescription Drug Program, Managing Human Capital and Electronic\nGovernment (e-Government).\n\nWhen SSA determines a beneficiary cannot manage his or her benefits, SSA selects a\nrepresentative payee who must use the payments for the beneficiary\xe2\x80\x99s interests. In\nFY 2007, SSA reported there were approximately 5.3 million representative payees who\nmanaged about $49.9 billion in annual benefit payments for approximately 7.1 million\nbeneficiaries in FY 2006. While representative payees provide a valuable service for\nbeneficiaries, SSA must provide appropriate safeguards to ensure its responsibilities\nare met to the beneficiaries it serves.\n\nIn FY 2007, we identified several problematic conditions during our reviews of SSA\xe2\x80\x99s\nrepresentative payee process. We found SSA\xe2\x80\x99s procedures did not ensure new\nrepresentative payees were selected when the death of current payees occurred. We\nwere also unable to identify if SSA referred, as required, all misuse cases to the OIG.\nFurthermore, SSA did not always use its authority to redirect benefit payments to the\nlocal field office when representative payees failed to submit annual accounting reports.\nFinally, in July 2007, the National Academy of Sciences (NAS) issued a report,\nImproving the Social Security Representative Payee Program: Serving Beneficiaries\nand Minimizing Misuse, that contained several recommendations to improve SSA\xe2\x80\x99s\nrepresentative payee program. For example, NAS reported that SSA should take steps\nto prevent and detect misuse of beneficiary funds in a better way. In addition, NAS\nrecommended that SSA conduct targeted reviews of those representative payees most\nlikely to misuse benefits.\n\nThe Medicare Prescription Drug, Improvement and Modernization Act of 2003\n(Pub. L. No. 108-173) established a new, voluntary Prescription Drug Program that\nbecame effective January 2006. Under this program, certain low-income individuals are\neligible to receive prescription drug coverage, premium, deductible, and co-payment\nsubsidies. Implementation of the program presented several challenges for SSA. For\nexample, SSA needed to conduct outreach efforts to promote the program, perform\nincome and resource verifications for individuals who applied for low-income subsidies\nand review appeals for applicants who disputed SSA\xe2\x80\x99s eligibility determinations.\n\nAs of January 2007, the GAO continued to identify strategic human capital management\non its list of high-risk Federal programs and operations. Further, Strategic Management\nof Human Capital is one of five governmentwide initiatives contained in the PMA. By\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                      13\n\x0cthe end of 2012, SSA projects its DI rolls will have increased by 35 percent. Further, by\nFY 2015, 54 percent of current SSA employees will be eligible to retire. This could\nresult in a loss of institutional knowledge that will affect SSA\xe2\x80\x99s ability to deliver quality\nservice to the public.\n\nSSA faces numerous challenges in its attempts to provide eServices to the public,\nGovernment and business. For example, SSA is facing increased workloads as \xe2\x80\x9cbaby\nboomers\xe2\x80\x9d become eligible for retirement and as the disability beneficiary population\ngrows. At the same time, there is a greater need for prompt, secure, and efficient\nGovernment Internet services. We believe SSA needs to increase its efforts to\nencourage claimants to file claims via the Internet Social Security Benefit Application\n(ISBA). The percentage of claims filed through the Internet has remained at about 3 to\n5 percent over the previous 5 years. Furthermore, about 73 percent of claimants who\nfile electronically for retirement or disability benefits over ISBA still have to be contacted\nby SSA\xe2\x80\x99s field offices before processing can be completed.\n\nSSA Has Taken Steps to Address this Challenge\nSSA has taken several actions to address the challenges of its representative payee\nprocess. This includes providing periodic reports mandated by Congress under the\nSocial Security Protection Act of 2004 on its representative payee site reviews and\nother reviews. SSA has also established a Representative Payment Steering\nCommittee to address the NAS conclusions and recommendations and planned\nenhancements to its information systems for the issuance of alerts to field offices to\nselect a new representative payee when SSA is notified of a payee\xe2\x80\x99s death.\n\nTo manage the challenges presented by the Medicare Prescription Drug Program, SSA\nconducted more than 75,000 outreach events across the country to promote the\nprogram. Based on income and resource verifications performed as of February 2007,\nSSA approved low income subsidies to about 2.1 million applicants and denied low\nincome subsidies to about 2.5 million applicants. SSA created a Subsidy Appeals Unit\nto process appeals of its subsidy eligibility determinations and continues to perform\nperiodic redeterminations of subsidy eligibility.\n\nSince June 2004, SSA has consistently scored "green" in both \xe2\x80\x9cCurrent Status\xe2\x80\x9d and\n\xe2\x80\x9cProgress in Implementing the PMA,\xe2\x80\x9d for Human Capital on the Executive Branch\nManagement Scorecard. The scorecard tracks how well the departments and major\nagencies are executing the governmentwide management initiatives. SSA has taken\nvarious actions to address its human capital challenges. In the Agency\xe2\x80\x99s FY 2006\nAnnual Human Capital Accountability Report, SSA reported it developed an Office of\nPersonnel Management certified Human Capital Accountability System and Operating\nPlan. In addition, SSA reported it instituted changes in its organizational structure to\nexpedite service to the public.\n\nE-Government is a cornerstone of the PMA. SSA is incorporating this Presidential\ninitiative into its process by promoting convenient, quality on-line services. SSA is\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                          14\n\x0ccurrently using the Web to provide services through its Homepage. ISBA has\nconsistently rated at the top of all Federal offerings by the American Customer\nSatisfaction Index Scorecard. In FY 2007, SSA reported a 292 percent increase over\nthe FY 2004 baseline in the use of electronic entitlement and supporting actions during\nFY 2006. One of the more recent users of SSA\xe2\x80\x99s electronic services was the Nation\xe2\x80\x99s\nfirst \xe2\x80\x9cbaby boomer,\xe2\x80\x9d who filed for retirement benefits on-line.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                     15\n\x0c                                          Appendices\nAPPENDIX A \xe2\x80\x93 Acronyms\n\nAPPENDIX B \xe2\x80\x93 Related Office of the Inspector General Reports\n\nAPPENDIX C \xe2\x80\x93 Office of the Inspector General Contacts\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)\n\x0c                                                                     Appendix A\n\nAcronyms\n\n ALJ              Administrative Law Judge\n CDI              Cooperative Disability Investigations\n DDS              Disability Determination Services\n DHS              Department of Homeland Security\n DI               Disability Insurance\n EEO              Earnings Enforcement Operation\n ESF              Earnings Suspense File\n FISMA            Federal Information Security Management Act\n FY               Fiscal Year\n GAO              Government Accountability Office\n IPIA             Improper Payments Information Act\n IRTPA            Intelligence Reform and Terrorism Prevention Act\n ISBA             Internet Social Security Benefit Application\n ITOA             Information Technology Operations Assurance\n NAS              National Academy of Sciences\n OASDI            Old-Age, Survivors and Disability Insurance\n ODAR             Office of Disability Adjudication and Review\n OIG              Office of the Inspector General\n OMB              Office of Management and Budget\n PII              Personally Identifiable Information\n PMA              President\xe2\x80\x99s Management Agenda\n QDD              Quick Disability Determination\n SSA              Social Security Administration\n SSI              Supplemental Security Income\n SSN              Social Security Number\n SSNVS            Social Security Number Verification Service\n SSPP             Standardized Security Profile Project\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)\n\x0c                                                                       Appendix B\n\n  Related Office of the Inspector General Reports\n    Management Challenge Area, Report Title and                              Report\n          Common Identification Number                                       Issued\n                         Social Security Number Protection\n\nEffectiveness of the Single Select Edit Routine (A-03-07-17065)        September 28, 2007\n\nThe Validity of Earnings Posted to the Social Security\nAdministration\xe2\x80\x99s Master Earnings File for Children Ages 7 through 13   September 28, 2007\n(A-02-06-26051)\n\nSocial Security Numbers Assigned to Citizens of Compact of Free\n                                                                       September 24, 2007\nAssociation Countries (Limited Distribution) (A-08-07-17077)\n\nAssessment of F-1 Students\xe2\x80\x99 Use of Social Security Numbers\n                                                                       September 12, 2007\n(A-08-07-17085)\n\nState and Local Governments\xe2\x80\x99 Collection and Use of Social Security\n                                                                       September 10, 2007\nNumbers (A-08-07-17086)\n\nControls Over Employee Verification Programs (A-03-06-15036)           September 4, 2007\n\nOverstated Earnings and Their Effect on Social Security\n                                                                       August 7, 2007\nAdministration Programs (A-03-05-25018)\nAssignment of Social Security Numbers to J-1 Exchange Visitors\n                                                                       July 20, 2007\n(A-08-07-17076)\n\nField Office Use of the SS-5 Assistant (A-04-07-17026)                 July 2, 2007\n\nOriginal Social Security Numbers Assigned to U.S. Citizens Age 12\n                                                                       June 18, 2007\nor Older (A-08-07-17043)\n\nThe Las Vegas Social Security Card Center (A-09-06-16101)              February 8, 2007\n\nImpact of Unauthorized Employment on Social Security Benefits\n                                                                       December 21, 2006\n(A-14-05-14042)\n\nCongressional Response Report: Accuracy of the Social Security\n                                                                       December 18, 2006\nAdministration\xe2\x80\x99s Numident File (A-08-06-26100)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                     B-1\n\x0c    Management Challenge Area, Report Title and                              Report\n          Common Identification Number                                       Issued\n                         Social Security Number Protection\nCongressional Response Report: Employer Feedback on the Social\n                                                                        December 14, 2006\nSecurity Administration\'s Verification Programs (A-03-06-26106)\n\nEffectiveness of the Young Children\'s Earnings Records\n                                                                        October 20, 2006\nReinstatement Process (A-03-05-25009)\n\n    Management Challenge Area, Report Title and                              Report\n          Common Identification Number                                       Issued\n                      Management of the Disability Process\nClaimant Representatives Barred from Practicing before the Social\n                                                                        September 28, 2007\nSecurity Administration (A-12-07-17057)\nDisability Insurance Beneficiaries Convicted of Crimes Against the\n                                                                        September 24, 2007\nSocial Security Administration\xe2\x80\x99s Programs (A-06-06-16132)\n\nWorkload Activity at Five Hearing Offices in Region IV\n                                                                        September 10, 2007\n(A-12-07-27091)\n\nQuick Disability Determinations (A-01-07-17035)                         May 31, 2007\n\nOrganizational Review of the Office of Disability and Income Security\n                                                                        May 16, 2007\nPrograms (A-12-07-27162)\n\nManagement\xe2\x80\x99s Use of Workload Status Reports at Hearing Offices\n                                                                        March 26, 2007\n(A-12-06-26130)\n\nImpact of Statutory Benefit Continuation on Disability Insurance\nBenefit Payments Made During the Appeals Process                        December 21, 2006\n(A-07-05-15094)\n\nChildhood Continuing Disability Reviews and Age 18\n                                                                        December 20, 2006\nRedeterminations (A-01-06-21093)\n\nTitle II Disability Insurance Benefits with a Workers\' Compensation\n                                                                        November 22, 2006\nOffset (A-04-05-15133)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                    B-2\n\x0c     Management Challenge Area, Report Title and                            Report\n           Common Identification Number                                     Issued\n              Improper Payments and Recovery of Overpayments\n\nAdministrative Finality in the Old-Age, Survivors and Disability\n                                                                      September 24, 2007\nInsurance Program (A-01-07-27029)\n\nImproper Payments Resulting from the Annual Earnings Test\n                                                                      August 31, 2007\n(A-09-07-17066)\n\nUnderpayments on Prior Supplemental Security Income Records\n                                                                      August 31, 2007\n(A-07-07-17034)\nControls over Survivor\'s Benefits When Indications Exist a Wage\n                                                                      August 8, 2007\nEarner is Alive (A-06-06-16088)\nThe Social Security Administration\'s Monitoring of Dedicated\nAccounts for Supplemental Security Income Recipients                  August 3, 2007\n(A-13-06-16032)\n\nCross-Program Recovery of Benefit Overpayments (A-13-06-16031)        June 22, 2007\n\nThe Social Security Administration\'s Controls and Procedures over\n                                                                      May 31, 2007\nSupplemental Security Income Death Alerts (A-09-06-16128)\n\nFECA: A Nationwide Review of Federal Employees Who Received\nCompensation for Lost Wages for Periods When "Earned Wages"\n                                                                      May 18, 2007\nWere Reported on the Social Security Administration\'s Master\nEarnings File (A-15-06-16037)\nAdjustment of Widow\xe2\x80\x99s Insurance Benefits at Full Retirement Age\n                                                                      May 14, 2007\n(A-01-07-27122)\n\nSupplemental Security Income Recipients Eligible as Disabled Adult\nChildren Under the Old-Age, Survivors and Disability Insurance        April 30, 2007\nProgram (A-13-07-17073)\n\nAccountability over Duplicate Payments, Equipment and Records in\n                                                                      April 23, 2007\nthe Hurricane Recovery Area (A-06-06-26137)\n\nSupplemental Security Income Payments Mailed to Field Office\n                                                                      April 23, 2007\nAddresses (A-06-06-26140)\n\nThe Social Security Administration\xe2\x80\x99s Accountability of Federal\nEmergency Management Agency Funds Provided for Hurricane              March 23, 2007\nRelief Efforts (A-06-06-26138)\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                    B-3\n\x0c    Management Challenge Area, Report Title and                             Report\n          Common Identification Number                                      Issued\n              Improper Payments and Recovery of Overpayments\n\nDirect Deposits for Multiple Title XVI Recipients into the Same Bank\n                                                                       March 23, 2007\nAccount (A-02-06-25141)\n\nThe Social Security Administration\'s Collection of Court-ordered\n                                                                       March 2, 2007\nRestitution (A-02-06-26019)\n\nGovernment Pension Offset Exemption for Texas School Districts\'\n                                                                       January 8, 2007\nEmployees (A-09-06-26086)\n\nTitle II Beneficiaries in England (A-01-06-26131)                      December 11, 2006\n\nSupplemental Security Income Recipients Whose Medicare Benefits\n                                                                       November 14, 2006\nWere Terminated Due to Death (A-01-06-26105)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                    B-4\n\x0c     Management Challenge Area, Report Title and                            Report\n           Common Identification Number                                     Issued\n          Internal Control Environment and Performance Measures\nFollow-Up Audit: Indirect Costs for the Connecticut Disability\nDetermination Services for the Period July 1, 2003 through June 30,    September 28, 2007\n2005 (A-15-07-16034)\n\nManagement Advisory Report: Single Audit of the State of Arizona\n                                                                       September 24, 2007\nfor the Fiscal Year Ended June 30, 2006 (A-77-07-00013)\n\nManagement Advisory Report: Single Audit of the Commonwealth of\nPennsylvania for the Fiscal Year Ended June 30, 2006                   September 24, 2007\n(A-77-07-00012)\nPerformance Indicator Audit: Staff Skills and Productivity\n                                                                       September 24, 2007\n(A-02-07-17127)\n\nContract with I. Levy and Associates for Development and\nImplementation of the Electronic Folder Interface at Disability        September 24, 2007\nDetermination Services (A-07-07-17104)\n\nPerformance Indicator Audit: Customer Satisfaction (A-15-07-17129) September 24, 2007\n\nManagement Advisory Report: Adequacy of the Administrative\nPractices in the Atlanta North Office of Disability Adjudication and   September 5, 2007\nReview (Limited Distribution) (A-04-07-27153)\nManagement Advisory Report: Defense Contract Audit Agency\'s\nAudit of Lockheed Martin Services, Inc., Incurred Costs for Calendar\n                                                                       August 31, 2007\nYear Ending December 31, 2005 (Limited Distribution)\n(A-15-08-28046)\n\nPerformance Indicator Audit: Improper Payments (A-15-07-17128)         August 31, 2007\n\nAdministrative Costs Claimed by the New Jersey Department of\n                                                                       August 3, 2007\nLabor, Division of Disability Determination Services (A-02-06-16043)\n\nAdministrative Costs Claimed by the California Disability\n                                                                       July 31, 2007\nDetermination Services (A-09-06-16129)\n\nAdministrative Costs Claimed by the Missouri Disability\n                                                                       July 12, 2007\nDetermination Services (A-07-06-16098)\n\nAdministrative Costs Claimed by the West Virginia Disability\n                                                                       June 27, 2007\nDetermination Services (A-13-06-16121)\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                     B-5\n\x0c    Management Challenge Area, Report Title and                                Report\n          Common Identification Number                                         Issued\n          Internal Control Environment and Performance Measures\n\nContract with Riojas Enterprises, Incorporated, for Case Folder Filing\n                                                                         June 19, 2007\nSupport Services - Contract #0600-98-34420 (A-04-07-17027)\n\nAdministrative Costs Claimed by the New York Division of Disability\n                                                                         June 11, 2007\nDeterminations (A-02-07-17046)\nPerformance Review of the Social Security Administration\'s National\nComputer Center and Security West Building Guard Service Contract May 31, 2007\n(Limited Distribution) (A-15-06-16139)\nAdministrative Costs Claimed by the Idaho Disability Determination\n                                                                         May 30, 2007\nServices (A-09-06-16120)\n\nContract for the Migration of I. Levy Software at Disability\n                                                                         May 24, 2007\nDetermination Services (Limited Distribution) (A-07-07-17033)\n\nAdministrative Costs Claimed by the Illinois Disability Determination\n                                                                         May 22, 2007\nServices (A-05-06-16118)\n\nAdministrative Costs Claimed by the Mississippi Disability\n                                                                         May 18, 2007\nDetermination Services (A-08-06-16125)\n\nPerformance Indicator Audit: Hearings and Appeals Process\n                                                                         May 17, 2007\n(A-15-06-16113)\n\nPerformance Indicator Audit: Disability Determination Services\n                                                                         May 8, 2007\nProcessing (A-02-06-16110)\n\nThe Social Security Administration\'s Oversight of the PSI Group, Inc.,\nPresort Mail Contract -- Contract # GS-25F-0010M (Limited              April 24, 2007\nDistribution) (A-15-07-17032)\n\nThe Social Security Administration\'s Compliance with Employee Tax\n                                                                         April 6, 2007\nRequirements (A-03-06-16062)\n\nAdministrative Costs Claimed by the Tennessee Disability\n                                                                         March 30, 2007\nDetermination Services (A-04-06-16053)\n\nDefense Contract Audit Agency\xe2\x80\x99s Audit of Lockheed Martin Services,\nInc. Incurred Costs for Calendar Year Ending December 31, 2004           March 30, 2007\n(Limited Distribution) (A-15-07-27117)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                      B-6\n\x0c    Management Challenge Area, Report Title and                              Report\n          Common Identification Number                                       Issued\n\n          Internal Control Environment and Performance Measures\n\nManagement Advisory Report: Single Audit of the Puerto Rico\nDepartment of the Family for the Fiscal Year Ended June 30, 2003        March 30, 2007\n(A-77-07-00010)\n\nAdministrative Costs Claimed by the Commonwealth of Puerto Rico\n                                                                        March 26, 2007\nDisability Determination Program (A-06-06-16117)\n\nAdministrative Costs Claimed by the Florida Division of Disability\n                                                                        March 23, 2007\nDeterminations (A-15-06-16127)\n\nManagement Advisory Report: Single Audit of the State of Illinois for\n                                                                        March 23, 2007\nthe Fiscal Year Ended June 30, 2005 (A-77-07-00009)\nManagement Advisory Report: Single Audit of the State of\nNew Jersey for the Fiscal Year Ended June 30, 2005                      March 23, 2007\n(A-77-07-00011)\nPerformance Indicator Audit: Claims Processing (A-15-06-16109)          March 16, 2007\n\nPerformance Indicator Audit: Electronic Service Delivery\n                                                                        March 8, 2007\n(A-15-06-16111)\n\nManagement Advisory Report: Single Audit of the Government of\nthe District of Columbia for the Fiscal Year Ended September 30,        February 27, 2007\n2005 (A-77-07-00008)\n\nControls over Representative Payee Accounting of Social Security\n                                                                        February 26, 2007\nFunds (A-15-06-16065)\n\nAdministrative Costs Claimed by the Maryland Disability\n                                                                        February 5, 2007\nDetermination Services (A-13-06-16029)\nManagement Advisory Report: Single Audit of the Hawaii\nDepartment of Human Services for the Fiscal Year Ended June 30,         February 5, 2007\n2005 (A-77-07-00007)\nContract for the Meridian Management Corporation at the Great\nLakes Program Service Center (Limited Distribution)                     January 29, 2007\n(A-05-07-17058)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                     B-7\n\x0c    Management Challenge Area, Report Title and                            Report\n          Common Identification Number                                     Issued\n\n          Internal Control Environment and Performance Measures\n\nManagement Advisory Report: Single Audit of the State of\nWashington for the Fiscal Year Ended June 30, 2005                    January 18, 2007\n(A-77-07-00006)\n\nMAXIMUS\' Indirect Cost Rates for Fiscal Years 2002 and 2003\n                                                                      December 21, 2006\n(Limited Distribution) (A-15-06-16091)\n\nManagement Advisory Report: Single Audit of the State of South\n                                                                      December 4, 2006\nCarolina for the Fiscal Year Ended June 30, 2005 (A-77-07-00005)\nCosts Claimed by the Association of University Centers on\nDisabilities Contract Number 600-01-60127 (Limited Distribution)      December 1, 2006\n(A-15-07-17031)\nManagement Advisory Report: Single Audit of the Commonwealth of\nPennsylvania for the Fiscal Year Ended June 30, 2005                  November 22, 2006\n(A-77-07-00004)\n\nManagement Advisory Report: Single Audit of the State of New York\n                                                                      November 22, 2006\nfor the Fiscal Year Ended March 31, 2005 (A-77-07-00003)\n\nSocial Security Administration\'s Financial Report for Fiscal Year\n                                                                      November 7, 2006\n2006 (A-15-06-16099)\n\nInspector General Statement on the Social Security Administration\'s\n                                                                      November 3, 2006\nMajor Management Challenges (A-02-07-17075)\n\nAdministrative Costs Claimed by the Vermont Disability\n                                                                      October 27, 2006\nDetermination Services (A-01-06-16041)\n\nManagement Advisory Report: Single Audit of the State of Maryland\n                                                                      October 27, 2006\nfor the Fiscal Year Ended June 30, 2005 (A-77-07-00002)\n\nManagement Advisory Report: Single Audit of the State of Florida for\n                                                                     October 27, 2006\nthe Fiscal Year Ended June 30, 2005 (A-77-07-00001)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                 B-8\n\x0c    Management Challenge Area, Report Title and                             Report\n          Common Identification Number                                      Issued\n            Systems Security and Critical Infrastructure Protection\n\nThe Social Security Administration\'s Information Resources\n                                                                       September 28, 2007\nManagement Strategic Plan (A-14-07-27133)\n\nOn-site Security Control and Audit Review at Hearing Offices\n                                                                       September 28, 2007\n(A-12-07-17080)\nAccess to Social Security Administration Data Provided by Disability\nDetermination Services Positional Profiles (Limited Distribution)      September 28, 2007\n(A-14-07-17024)\nFiscal Year 2007 Evaluation of the Social Security Administration\'s\nCompliance with the Federal Information Security Management Act        September 24, 2007\n(A-14-07-17101)\n\nCompliance with Onsite Security Control and Audit Review\n                                                                       September 4, 2007\nRequirements at Field Offices (A-02-07-27021)\n\nThe Social Security Administration\'s Incident Response and\n                                                                       August 3, 2007\nReporting System (A-14-07-17070)\nSocial Security Administration\'s Management of Information\n                                                                       July 26, 2007\nTechnology Projects (A-14-07-17099)\n\nSocial Security Administration\'s Progress in Implementing Homeland\n                                                                       July 26, 2007\nSecurity Presidential Directive 12 (A-14-07-27110)\nThe Social Security Administration\'s Information Technology\nMaintenance and Local Area Network Relocation Contract                 May 21, 2007\n(A-14-07-17022)\nGeneral Controls Review of the Florida Division of Disability\n                                                                       January 10, 2007\nDeterminations Claims Processing System (A-14-06-16023)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                     B-9\n\x0c    Management Challenge Area, Report Title and                             Report\n          Common Identification Number                                      Issued\n                  Service Delivery and Electronic Government\nPayee Services, A Fee-for-Service Organizational Representative\nPayee for the Social Security Administration (Limited Distribution)   September 24, 2007\n(A-07-07-27150)\n\nManagement Advisory Report: Third Parties Applying for Medicare\nPart D Low-Income Subsidies on Behalf of Others (Limited              September 5, 2007\nDistribution) (A-08-07-27177)\n\nAn Individual Representative Payee for the Social Security\n                                                                      July 3, 2007\nAdministration in the San Francisco Region (A-09-07-17063)\n\nPhase 6 of the Social Security Administration\'s Special Disability\n                                                                      May 18, 2007\nWorkload (A-13-07-27123)\nKansas Department of Social and Rehabilitation Services, an\nOrganizational Representative Payee for the Social Security           March 23, 2007\nAdministration (A-07-07-17045)\nFollow-up: Analysis of Information Concerning Representative\n                                                                      January 18, 2007\nPayee Misuse of Beneficiaries\' Payments (A-13-06-26097)\n\nFollow up on the Social Security Administration\'s Procedures to\n                                                                      October 27, 2006\nIdentify Representative Payees Who Are Deceased (A-01-06-16054)\n\n\n\n\n  IG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)                  B-10\n\x0c                                                                      Appendix C\n\nOffice of the Inspector General Contacts\n\nWalter Bayer, Director                        Social Security Number Protection\nKim Byrd, Director\nCylinda McCloud-Keal, Director\n\nMark Bailey, Director                         Management of the Disability Process\n\nRona Lawson, Director                         Improper Payments and Recovery of\nJudith Oliveira, Director                     Overpayments\n\nTim Nee, Director                             Internal Control Environment and\nVictoria Vetter, Director                     Performance Measures\n\nKitt Winter, Director                         Systems Security and Critical\n                                              Infrastructure Protection\n\nJim Klein, Director                           Service Delivery and Electronic\nShirley Todd, Director                        Government\n\n\n\nFor additional copies of this report, please visit our web site at\nwww.socialsecurity.gov/oig or contact the Office of the Inspector General\xe2\x80\x99s Public\nAffairs Specialist at (410) 965-3218. Refer to Common Identification\nNumber A-02-08-18061.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-08-18061)\n\x0c                           DISTRIBUTION SCHEDULE\n\nCommissioner of Social Security\nOffice of Management and Budget, Income Maintenance Branch\nChairman and Ranking Member, Committee on Ways and Means\nChief of Staff, Committee on Ways and Means\nChairman and Ranking Minority Member, Subcommittee on Social Security\nMajority and Minority Staff Director, Subcommittee on Social Security\nChairman and Ranking Minority Member, Subcommittee on Human Resources\nChairman and Ranking Minority Member, Committee on Budget, House of\nRepresentatives\nChairman and Ranking Minority Member, Committee on Government Reform and\nOversight\nChairman and Ranking Minority Member, Committee on Governmental Affairs\nChairman and Ranking Minority Member, Committee on Appropriations, House of\nRepresentatives\nChairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,\nEducation and Related Agencies, Committee on Appropriations,\n House of Representatives\nChairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Subcommittee on Labor, Health and Human\nServices, Education and Related Agencies, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Committee on Finance\nChairman and Ranking Minority Member, Subcommittee on Social Security and Family\nPolicy\nChairman and Ranking Minority Member, Senate Special Committee on Aging\nSocial Security Advisory Board\n\x0c               Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Resource Management (ORM). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                        Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure\nprogram objectives are achieved effectively and efficiently. Financial audits assess whether\nSSA\xe2\x80\x99s financial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash\nflow. Performance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs\nand operations. OA also conducts short-term management and program evaluations and projects\non issues of concern to SSA, Congress, and the general public.\n\n\n                                    Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n\n                   Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n                              Office of Resource Management\nORM supports OIG by providing information resource management and systems security. ORM\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, ORM is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c'